Docker Engine API can be published on TCP port
Unfortunately, too easy to publish without authentication
Certificate based server and client authentication is painful
Insecure dockerd
enables host breakout
Do not open TCP without authentication
More later!
Test containerized
Run container with Docker:
docker run --name tcp \
--detach \
--privileged \
--publish 127.0.0.1:2375:2375 \
docker:dind \
dockerd --host tcp://0.0.0.0:2375
Use remote Docker over TCP:
docker --host tcp://:2375 version
Define remote Docker using environment variable:
export DOCKER_HOST=tcp://:2375
docker version